Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html - | |
References | () http://marc.info/?l=bugtraq&m=126514298313071&w=2 - | |
References | () http://news.samba.org/releases/3.0.37/ - | |
References | () http://news.samba.org/releases/3.2.15/ - | |
References | () http://news.samba.org/releases/3.3.8/ - | |
References | () http://news.samba.org/releases/3.4.2/ - | |
References | () http://osvdb.org/57955 - | |
References | () http://secunia.com/advisories/36701 - Vendor Advisory | |
References | () http://secunia.com/advisories/36893 - Vendor Advisory | |
References | () http://secunia.com/advisories/36918 - Vendor Advisory | |
References | () http://secunia.com/advisories/36937 - Vendor Advisory | |
References | () http://secunia.com/advisories/36953 - Vendor Advisory | |
References | () http://secunia.com/advisories/37428 - Vendor Advisory | |
References | () http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439 - | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1 - | |
References | () http://support.apple.com/kb/HT3865 - Vendor Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2009-0145 - | |
References | () http://www.samba.org/samba/security/CVE-2009-2813.html - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/507856/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/36363 - | |
References | () http://www.ubuntu.com/usn/USN-839-1 - | |
References | () http://www.vupen.com/english/advisories/2009/2810 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/53174 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191 - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html - |
Information
Published : 2009-09-14 16:30
Updated : 2024-11-21 01:05
NVD link : CVE-2009-2813
Mitre link : CVE-2009-2813
CVE.ORG link : CVE-2009-2813
JSON object : View
Products Affected
samba
- samba
apple
- mac_os_x_server
- mac_os_x
fedoraproject
- fedora
CWE
CWE-264
Permissions, Privileges, and Access Controls